Presentation is loading. Please wait.

Presentation is loading. Please wait.

Quality Management System Deliverable Software 9115 revision A Key changes presentation IAQG 9115 Team March 2017.

Published byGregory Hubbard Modified over 6 years ago

Similar presentations

Presentation on theme: "Quality Management System Deliverable Software 9115 revision A Key changes presentation IAQG 9115 Team March 2017."— Presentation transcript:

1 Quality Management System Deliverable Software 9115 revision A Key changes presentation
IAQG 9115 Team March 2017

2 9100D / 9115 revision A Table of contents Background
Reasons for the 9115 revision High Level Structure Key Changes Questions

3 9115 revision A Background

4 9100D / 9115 revision A Background
Reminder: AS9115 supercedes AS9006, which was published in March, 2003 as an Americas only standard Later Internationally adopted as 9115 AS Software Supplement to AS9100 Adds specificity and granularity for compliance with the objectives of AS9100 requirements for Deliverable Software Deliverable Software Developed or modified, airborne, shipborne, space borne or ground software Can be a stand alone deliverable software by contract line item or embedded in deliverable product Unmodified COTS components excluded

5 9100D / 9115 revision A AS9115 SUPPLEMENTS AS9100
Clarifies 9100 requirements relative to software

6 9100D / 9115 revision A Example of standard AS9115 verbiage when AS9100 text applies with NO clarification needed for deliverable software AS9100 AS9115

7 9100D / 9115 revision A Example of standard AS9115 verbiage when AS9100 text applies WITH additional clarification needed for deliverable software AS9100 AS9115

8 9115 revision A Reasons for revision

9 9100D / 9115 revision A ISO 9001 / 9100 core reasons for change
Adapt to a changing world Enhance an organization's ability to satisfy its customers Provide a consistent foundation for the future Reflect the increasingly complex environments in which organizations operate Ensure the new standard reflects the needs of all interested parties Integrate with other management systems

10 9100D / 9115 revision A The “9100” needs to change, to:
Incorporate changes made by ISO TC176 to the ISO 9001:2015 requirements (ISO liaison organized to collaborate with the IAQG 9100 team and to obtain consideration for IAQG requirements) Consider Aviation, Space and Defense stakeholders’ needs identified since the last revision (web survey performed in 2013) Consider clarifications to 9100 series requests issued by IAQG since the last revision (requirements clarified or notes added)

11 9100D / 9115 revision A Why “9115” needed to change:
AS9100 changed to align with ISO 9001:2015 Respond to changes in software development methods Consider threat profiles to Aviation, Space and Defense software systems – adds themes of cybersecurity Advances in tools, simulations and testing capabilities Recognize the expanded scales of software impact such as cloud based services, mobile apps, small embedded web based servers and networked appliances Ensure mitigation of potential quality concerns are met for software Disposition the collection of feedback related to 9115 since 2010

12 9100 revision D / 9115 revision A High Level Structure

13 Context of organization Performance Evaluation
9100 revision D High Level Structure (from ISO 9001) High Level Structure ISO is going from 8 clauses to 10 clauses Plan Do Check Act 4 Context of organization 5 Leadership 6 Planning 7 Support 8 Operation 9 Performance Evaluation 10 Improvement Rationale Better alignment to business strategic direction With PDCA approach More compatible with other management system standards Implementation Considerations Review your current QMS structure (preferable to adapt the QMS structure to the Business Processes)

14 9100 revision D High Level Structure (from ISO 9001) Plan Do Check Act
4 Context of organization 5 Leadership 6 Planning 7 Support 8 Operation 9 Performance Evaluation 10 Improvement 8.1 Operational planning and control 4.1 Understanding context 6.1 Actions to address risk and opportunity 7.1 Resources 9.1 Monitoring, measurement, analysis and evaluation 10.1 General 5.1 Leadership and commitment (MS) 7.2 Competence 10.2 Nonconformity and corrective action 4.2 Interested parties 5.2 Policy 8.2 Determination of requirements for products & services 6.2 Objectives and planning 9.1.2 Customer satisfaction 7.3 Awareness 4.3 Scope 5.3 Organizational roles, responsibilities and authorities 10.3 Continual improvement 8.3 Design and Development of products & services 6.3 Planning of changes 7.4 Communication 9.1.3 Analysis and evaluation 4.4 Processes 7.5 Documented information 8.4 Control of externally provided processes, products & services 9.2 Internal audit 9.3 Management review 8.5 Production and service provision 8.6 Release of products & services 8.7 Control of nonconforming outputs

15 9115 revision A Key Changes

16 New content – Recognition of Mobile Apps & Cloud Based Services
9115 revision A New content – Recognition of Mobile Apps & Cloud Based Services

17 High quality software is not enough.
9115 revision A High quality software is not enough. In the past, software had to meet functional and safety requirements This alone is no longer adequate Now, software and it’s environment must also be SECURE – Information Assurance

18 9115 revision A Understanding: Information Assurance, Information Security and Cybersecurity Information Assurance as defined in AS9115: “The set of activities needed to protect information and information systems by ensuring availability, integrity, authentication, confidentiality, and non-repudiation including protection, detection, and reaction capabilities. INFORMATION ASSURANCE – QMS /Policy/Infrastructure level – “Protecting information and information systems by ensuring availability, integrity, authentication, confidentiality, and non-repudiation. Includes protection, detection, and reaction capabilities.” (1). NIST, IC INFORMATION SECURITY – Security of all media – “Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.” (1). NIST, IC, ISO CYBERSECURITY – Security in the cyber realm – “Protecting cyberspace [networks, computers, processors and communication systems] from cyber attacks.“ (1). NIST IC, DOD

19 9115 revision A Significant addition to 9115 standard:
Enhanced cybersecurity requirements

20 Cybersecurity derived themes
9115 revision A Cybersecurity derived themes Culture of Security Technical Security Software Life Cycle Security Supply Chain Security Internal Audit of Cyber Security Notification, Response, and Recovery NIST Cybersecurity Framework (NIST )

21 9115 revision A Introduction, Scope & References provide inclusion of mobile applications, and services (e.g. cloud environment, web hosted solutions or platforms) 3.0 - Definitions Information Assurance – new definition Interested Parties – replaces Stakeholder Non-developmental Software – added Government off-the Shelf (GOTS) software to definition Software Life Cycle – slight definition revision to provide clarity Support Software – slight definition revision to provide clarity Validation – slight definition revision to provide clarity Verification – slight definition revision to provide clarity

22 Note: this is the most impactful IA requirement added
9115 revision A Note: this is the most impactful IA requirement added 4. – Context of the Organization 4.3 “When determining the scope of the quality management system, the organization shall include the elements of IA (e.g., culture of security, including personal identifiable information security; technical security; software development life-cycle security elements; supply chain security; internal security audits; notification; response; recovery), appropriate to the size, criticality, complexity, or consequence of exploitation of the organization’s processes, products, or services.” “NOTE: For further information, see the IAQG Supply Chain Management Handbook (SCMH).” 5. – Leadership No clarification from 9100 for Software

23 9115 revision A 6. – Planning 7. – Support
6.1 “The organization shall consider deliverable software products, processes, and services when determining risk and opportunities.” This should include consideration of external providers, when appropriate. 7. – Support Focus on infrastructure in 7.1.3 Tools, utilities, cyber protected environment, code analysis capabilities Security for software environments against threats 7.1.4 “The organization shall ensure that the operational environment appropriately protects the software against unauthorized access and tampering.” Competence (7.2) appropriate for the criticality and complexity to support customer and system requirements Resources available to retain legacy data (7.5.3)

24 9115 revision A 8. – Operation 9. – Performance Evaluation
Software planning addresses software related activities from project planning through product delivery and maintenance Quality objectives and requirements expressed in measurable terms, including critical items and key characteristics Defined rules, practices, conventions, techniques, and methodologies for development and test Strong software configuration management guidance Focus on product integrity and safety Prevention of counterfeit software (8.1.4) 9. – Performance Evaluation Software organizations analyze and evaluate industry data on emerging threats and vulnerabilities Internal audits include software aspects of the QMS

25 9115 revision A Support materials on 9115 and software QMS:
10. – Improvement No clarification from 9100 for Software 11. – Notes Support materials on 9115 and software QMS: IAQG Supply Chain Management Handbook

26 SCMH – http://www.iaqg.org/scmh

27 Questions? 27

Download ppt "Quality Management System Deliverable Software 9115 revision A Key changes presentation IAQG 9115 Team March 2017."

Similar presentations

EMS Checklist (ISO model)

EMS Checklist (ISO model)
Transition from Q1- 8th to Q1- 9th edition

Transition from Q1- 8th to Q1- 9th edition
ISO 9001: Countdown to 2015 Presented by Ellen Diggs Ellen Diggs Consulting ekdiggs@verizon.net February 11, 2015 It’s Not Just for Manufacturing Anymore!

ISO 9001: Countdown to 2015 Presented by Ellen Diggs Ellen Diggs Consulting February 11, 2015 It’s Not Just for Manufacturing Anymore!
Draft BY QI organization June 2014

Draft BY QI organization June 2014
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
1 The Role of the Revised IEEE Standard Dictionary of Measures of the Software Aspects of Dependability in Software Acquisition Dr. Norman F. Schneidewind.

1 The Role of the Revised IEEE Standard Dictionary of Measures of the Software Aspects of Dependability in Software Acquisition Dr. Norman F. Schneidewind.
IAQG 9110:2012 Revision Overview Prepared by IAQG 9110 Team Please contact Jeff Wood at with any questions or

IAQG 9110:2012 Revision Overview Prepared by IAQG 9110 Team Please contact Jeff Wood at with any questions or
Security Controls – What Works

Security Controls – What Works
TEMPUS ME-TEMPUS-JPHES

TEMPUS ME-TEMPUS-JPHES
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
RC14001 ® Update GPCA Responsible Care Committee September 23, 2013.

RC14001 ® Update GPCA Responsible Care Committee September 23, 2013.
A Review ISO 9001:2015 Draft What’s Important to Know Now

A Review ISO 9001:2015 Draft What’s Important to Know Now
ISO 9001:2015 Revision overview - General users

ISO 9001:2015 Revision overview - General users
Welcome ISO9001:2000 Foundation Workshop.

Welcome ISO9001:2000 Foundation Workshop.
ISO 9001:2015 Revision overview December 2013

ISO 9001:2015 Revision overview December 2013
ISO 9001:2015 Revision overview - General users

ISO 9001:2015 Revision overview - General users
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Information Systems Security Computer System Life Cycle Security.

Information Systems Security Computer System Life Cycle Security.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
Software Quality Assurance Lecture 4. Lecture Outline ISO ISO 9000 Series of Standards ISO 9001: 2000 Overview ISO 9001: 2008 ISO 9003: 2004 Overview.

Software Quality Assurance Lecture 4. Lecture Outline ISO ISO 9000 Series of Standards ISO 9001: 2000 Overview ISO 9001: 2008 ISO 9003: 2004 Overview.

Similar presentations

Ads by Google